Configuring Scripts for IDP
The idpsdx.py script provides documented source code as well as configuration
properties to allow you to create customized e-mail messages and implementations.
You can locate the scripts in the /opt/UMC/idp/scripts directory.
Before You Configure Scripts
Before you configure scripts:
- Complete all other configuration for IDP integration with
SRC.
- Verify the location where Python is installed on the system.
If you installed Python from the SRC software distribution, the default
installation directory is /opt/UMC/python. If
you installed Python to a different directory, update the paths in idpsdx.py and in idpsdx.sh (if you
use this file).
- For a production environment, start the IDP management
server in an environment in which the library path includes the Python
libraries.
Configuring Scripts
To configure scripts:
- Edit the idpsdx.py file to specify the actions to be taken.
See Properties in the idpsdx.py File.
- Copy the idpsdx.py file and the idpsdx.sh file (if you use this file) to the appropriate
directory for IDP Manager. For the location of this directory, see
the IDP documentation at http://www.juniper.net/techpubs/software/management/idp/
Properties in the idpsdx.py File
You can modify the following properties in the idpsdx.py file.
RECORD URL
- URL of the record interface of the IDP captive portal
that stores information received from IDP. The interface records information
about detrimental traffic under the source and destination of the
traffic. The security rules configured in IDP determine the type of
incidents recorded.
- Value—"<URL>"
- Guidelines—Enclose the URL in quotation marks because
this entry is a Python string. The value "http://<IP-address>/idpPortal/Record"
is the default URL specified in the WEB-INF/web.xml file for idpPortal.war.
- Example—"http://192.0.2.25/idpPortal/Record"
DSA URL
DEBUG
- Specifies whether or not to print diagnostic messages
to the screen.
- Value—True or False
RECORD
- Specifies whether or not to send messages to the captive
portal to record the details of an incident. The portal stores these
messages and provides information about the incidents to a subscriber
when Web requests for the subscriber are redirected to the captive
portal.
- Value—True or False
CAPTIVE
- Specifies whether or not to activate a captive portal
to notify subscribers that IDP detected malicious traffic sent to
or received from them.
- Value—True or False
CAPTIVE SERVICE
EMAIL
- Specifies whether or not to send notification e-mail messages
to subscribers that IDP detected malicious traffic sent or received
by them.
- Value—True or False
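The following check is an added example, not part of idpsdx.py or the SRC distribution: it parses an edited copy of the file and reports property values that do not match the types described above, such as a quoted "False" that Python treats as true. The underscore identifiers (RECORD_URL and so on) and the sample contents are assumptions; match them to the names in your copy of the script.

```python
import ast
from urllib.parse import urlparse

# Assumed identifiers: the page lists the properties as "RECORD URL", "DEBUG", ...;
# the underscore spellings are an assumption about how they appear in idpsdx.py.
URL_PROPS = ("RECORD_URL",)
BOOL_PROPS = ("DEBUG", "RECORD", "CAPTIVE", "EMAIL")

def check_properties(source):
    """Return a list of problems found in the top-level property assignments."""
    values = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and len(node.targets) == 1 \
                and isinstance(node.targets[0], ast.Name):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                values[node.targets[0].id] = None  # not a plain literal
    problems = []
    for name in URL_PROPS:
        val = values.get(name)
        if not isinstance(val, str):
            problems.append(f"{name}: missing or not a quoted Python string")
        elif "<" in val or ">" in val:
            problems.append(f"{name}: placeholder left in URL")
        else:
            parts = urlparse(val)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                problems.append(f"{name}: not an http(s) URL with a host")
    for name in BOOL_PROPS:
        # A quoted "False" is a non-empty string, so the script would treat it as true.
        if name in values and not isinstance(values[name], bool):
            problems.append(f"{name}: must be True or False, got {values[name]!r}")
    return problems

# Constructed sample, not the shipped idpsdx.py
SAMPLE = '''
RECORD_URL = "http://192.0.2.25/idpPortal/Record"
DEBUG = False
RECORD = True
CAPTIVE = "False"
EMAIL = True
'''

if __name__ == "__main__":
    for problem in check_properties(SAMPLE):
        print(problem)
```

To check a real file, pass its text to check_properties, for example the contents of the copy under /opt/UMC/idp/scripts before you copy it to the IDP Manager directory.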
Sample idpsdx.py Script
Through Dynamic Service Activator, the sample idpsdx.py script activates the service that redirects
subscribers to the captive portal. Because Dynamic Service Activator
does not support persistent activation, the sample portal activates
the service for the captive portal only for users who are logged in
to their account.
If you want subscribers to see the IDP captive
portal at any time—for example, when they log out of their account,
and then log back in to their account but do not try to access the
Web—you can write an SAE extension script and invoke it from
the invokeScript method in Dynamic Service Activator.